Contracting Over Privacy: Introduction

Privacy and Security and Internet

Article Snapshot

Author(s)

Omri Ben-Shahar and Lior Strahilevitz

Source

The Journal of Legal Studies, Vol. 45, No. S2, pp. S1-S11, 2016

Summary

As smart products and services that use “big data” proliferate, privacy advocates express concerns that privacy regulation is too weak. Many consumers agree to give up privacy protections when they use sites or make purchases online. Should regulators restrict consumers from waiving privacy protection?

Policy Relevance

Courts tend to treat privacy terms just like other terms of a consumer contract. Courts can use contract law to prevent firms from overreaching.

Main Points

  • Many observers wonder if contract law has absorbed privacy law, and if it has become too easy for consumers to waive privacy protections.
     
  • Consumers say that they are concerned about privacy in response to survey questions, but in practice, most consumers seem to place little value on privacy; people will pay no more than $15 per year to avoid content analysis of their e-mail messages.
     
  • Courts almost always treat privacy policies as contracts; many privacy lawsuits ask whether a consumer’s click to “agree” to a firm’s privacy terms is enough to override protective default rules; some take the view that privacy should be treated differently than other contract terms.
     
  • Courts follow the rule that a consumer’s consent overrides protective legal default rules, regardless of whether the default rule addresses privacy, warranty protection, or another term of the contract.
     
  • If privacy notices are viewed as consumer contracts, they serve two main functions:
     
    • Limiting the liability of firms for data practices that require consumer consent;
       
    • Assuring consumers that some data practices will not occur.
       
  • Privacy regulators should view the regulations as establishing a set of default rules and expect that many firms will induce consumers to waive those rules.
     
  • People often assume that there is a significant difference between privacy regulations that require consumers to opt in to information sharing, and regulations that require firms to offer consumers the option of opting out; however, firms are good at persuading consumers to opt in.
     
  • Privacy regulation established a set of default rules, insufficiently protective for some consumers, and too protective for others; the rules should be designed to maximize the value of transactions for consumers who are covered by the default rule.
     
  • Privacy regulation established a set of default rules, insufficiently protective for some consumers, and too protective for others; the rules should be designed to maximize the value of transactions for consumers who are covered by the default rule.
     
  • Courts have good reasons to treat privacy contracts the same way as consumer contracts generally.
     
    • Consumers might be ill-informed, but some regulatory alternatives are worse.
       
    • Consumer contract law includes tools that allow courts to combat overreaching by commercial firms.
       

 

Get The Article

Find the full article online

Search for Full Article

Share